New Windows MyDoom Worm Searches and Destroys   2/17/2005 - 971 views, 1 Comment

Summary: The newest version of the MyDoom worm, discovered just today, not only still creates its own SMTP engine allowing it to send email from infected machine to every email address it can find on the computer, but this new and "improved" MyDoom also ...

Previous Article « Burgler Caught with Webcam and Windows Software
Read Next Article » Penis Enlargement Lawsuit Claims “It’s No Big Thing”

The newest version of the MyDoom worm, discovered just today, not only still creates its own SMTP engine allowing it to send email from infected machine to every email address it can find on the computer, but this new and “improved” MyDoom also uses the computer’s Internet connection to search for email addresses on Google, Yahoo, AltaVista, and Lycos, and sends itself out to any addresses it finds.

But wait, there’s more! This version of MyDoom, dubbed “MyDoom AO” also specifically searches the search engines for email addresses within its host’s domain, sending itself to as many email addresses within the host domain as it can find. For example, if the host computer sends email as joe@example.com, MyDoom looks on the search engines for as many email addresses at example.com as it can find. Then susan@example.com and don@example.com will get email from “joe@example.com”, and be much more likely to open it, thus unleashing the worm onto their computers as well. It may also be that this means that it will take only one infected machine to infect an otherwise secure network, as email addresses in the same domain may well all be behind the same firewall.

The virus also seems to display a preference for Google as, according to security firm Sophos, MyDoom AO sends about 45% of its queries through Google, another 22.5% through Lycos, 20% through Yahoo, and only 12.5% via AltaVista.

Also known as MyDoom.bb, the worm may also download the backdoor Trojan BackDoor-CEB.f to the host system.

Infected machines will have a file called “JAVA.EXE” on them.

According to another security company, Panda Labs, MyDoom AO will only affect computers running Windows 2003, XP, 2000, or NT.

Get FREE email alerts of new Internet Patrol stories!
    *We never share your email address with anyone

Email Address:
Date of first visit:
How you found us:

Subscribe to The Internet Patrol on your cell phone    Email the link for this page to a friend!

Read more:

»  Bad Enough it’s an Email Worm, Now MyDoom is Rude, Too

»  New MyDoom Worm Has No File, Just a URL, Exploits I.E. Hole

»  Free Tool from Microsoft Removes Malicious Software, Recommended for All Windows Machines (KB890830)

»  New Worm Variant Attacking Windows - New Sober Worm Bilingual

For additional similar stories check out our archives on Virus & AntiVirus

 

1 Comment »

  1. Infected machines will have a file called “JAVA.EXE� on them.

    This should go without saying, but knowing how many hoaxes have come about from things like this, it must be mentioned: Most uninfected machines will also have a file named “java.exe” on them– that’s the name of the executable for Sun’s Java runtime!

    Comment by codeman38 — 2/18/2005 @ 7:20 am

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


We apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day!

 
The Internet Patrol
Patrolling the Internet for You!